[ceph.git] / ceph / src / test / cli / ceph-authtool / manpage.t

  $ ceph-authtool
  ceph-authtool: must specify filename
  usage: ceph-authtool keyringfile [OPTIONS]...
  where the options are:
    -l, --list                    will list all keys and capabilities present in
                                  the keyring
    -p, --print-key               will print an encoded key for the specified
                                  entityname. This is suitable for the
                                  'mount -o secret=..' argument
    -C, --create-keyring          will create a new keyring, overwriting any
                                  existing keyringfile
    -g, --gen-key                 will generate a new secret key for the
                                  specified entityname
    --gen-print-key               will generate a new secret key without set it
                                  to the keyringfile, prints the secret to stdout
    --import-keyring FILE         will import the content of a given keyring
                                  into the keyringfile
    -n NAME, --name NAME          specify entityname to operate on
    -u AUID, --set-uid AUID       sets the auid (authenticated user id) for the
                                  specified entityname
    -a BASE64, --add-key BASE64   will add an encoded key to the keyring
    --cap SUBSYSTEM CAPABILITY    will set the capability for given subsystem
    --caps CAPSFILE               will set all of capabilities associated with a
                                  given key, for all subsystems
    --mode MODE                   will set the desired file mode to the keyring
                                  e.g: '0644', defaults to '0600'
  [1]

# demonstrate that manpage examples fail without config
# TODO fix the manpage
  $ ceph-authtool --create-keyring --name client.foo --gen-key keyring
  creating keyring

# work around the above
  $ touch ceph.conf

To create a new keyring containing a key for client.foo:

  $ ceph-authtool --create-keyring --id foo --gen-key keyring
  creating keyring

  $ ceph-authtool --create-keyring --name client.foo --gen-key keyring
  creating keyring

To associate some capabilities with the key (namely, the ability to mount a Ceph filesystem):

  $ ceph-authtool -n client.foo --cap mds 'allow' --cap osd 'allow rw pool=data' --cap mon 'allow r' keyring

To display the contents of the keyring:

  $ ceph-authtool -l keyring
  [client.foo]
  \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
  \tcaps mds = "allow" (esc)
  \tcaps mon = "allow r" (esc)
  \tcaps osd = "allow rw pool=data" (esc)
Commit	Line	Data
7c673cae FG	1	$ ceph-authtool
	2	ceph-authtool: must specify filename
	3	usage: ceph-authtool keyringfile [OPTIONS]...
	4	where the options are:
	5	-l, --list will list all keys and capabilities present in
	6	the keyring
	7	-p, --print-key will print an encoded key for the specified
	8	entityname. This is suitable for the
	9	'mount -o secret=..' argument
	10	-C, --create-keyring will create a new keyring, overwriting any
	11	existing keyringfile
	12	-g, --gen-key will generate a new secret key for the
	13	specified entityname
	14	--gen-print-key will generate a new secret key without set it
	15	to the keyringfile, prints the secret to stdout
	16	--import-keyring FILE will import the content of a given keyring
	17	into the keyringfile
	18	-n NAME, --name NAME specify entityname to operate on
	19	-u AUID, --set-uid AUID sets the auid (authenticated user id) for the
	20	specified entityname
	21	-a BASE64, --add-key BASE64 will add an encoded key to the keyring
	22	--cap SUBSYSTEM CAPABILITY will set the capability for given subsystem
	23	--caps CAPSFILE will set all of capabilities associated with a
	24	given key, for all subsystems
94b18763 FG	25	--mode MODE will set the desired file mode to the keyring
94b18763 FG	26	e.g: '0644', defaults to '0600'
7c673cae FG	27	[1]
	28
	29	# demonstrate that manpage examples fail without config
	30	# TODO fix the manpage
	31	$ ceph-authtool --create-keyring --name client.foo --gen-key keyring
	32	creating keyring
	33
	34	# work around the above
	35	$ touch ceph.conf
	36
	37	To create a new keyring containing a key for client.foo:
	38
	39	$ ceph-authtool --create-keyring --id foo --gen-key keyring
	40	creating keyring
	41
	42	$ ceph-authtool --create-keyring --name client.foo --gen-key keyring
	43	creating keyring
	44
	45	To associate some capabilities with the key (namely, the ability to mount a Ceph filesystem):
	46
	47	$ ceph-authtool -n client.foo --cap mds 'allow' --cap osd 'allow rw pool=data' --cap mon 'allow r' keyring
	48
	49	To display the contents of the keyring:
	50
	51	$ ceph-authtool -l keyring
	52	[client.foo]
	53	\\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
	54	\tcaps mds = "allow" (esc)
	55	\tcaps mon = "allow r" (esc)
	56	\tcaps osd = "allow rw pool=data" (esc)